映射到 CWE-89 的搜索结果 (4178)

CVE-2016-4861(发布:2017-02-16 21:59:13)NMS
CVSS7.5

[原文]The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.

CVE-2016-3694(发布:2017-02-15 14:59:00)NM
CVSS7.5

[原文]Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php.

CVE-2016-3046(发布:2017-02-01 15:59:00)NMS
CVSS4.0

[原文]IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database.

CVE-2016-4338(发布:2017-01-23 16:59:01)NMP
CVSS6.8

[原文]The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.

CVE-2016-0769(发布:2017-01-23 16:59:00)NM
CVSS6.5

[原文]Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter.

CVE-2015-4592(发布:2017-01-10 10:59:00)NM
CVSS7.5

[原文]eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.

12345678下一页尾页 第1页 / 共697页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站